Merge pull request #2607 from trycompai/lewis/comp-delete-org-trace

[dev] [carhartlewis] lewis/comp-delete-org-trace

Author: carhartlewis

apps/api/src/admin-organizations/admin-audit-log.interceptor.spec.ts

@@ -82,7 +82,9 @@ describe('AdminAuditLogInterceptor', () => {
   let interceptor: AdminAuditLogInterceptor;
 
   beforeEach(() => {
-    interceptor = new AdminAuditLogInterceptor();
+    interceptor = new AdminAuditLogInterceptor({
+      get: jest.fn().mockReturnValue(false),
+    } as never);
     jest.clearAllMocks();
     mockPolicyFind.mockResolvedValue(null);
     mockTaskFind.mockResolvedValue(null);

apps/api/src/admin-organizations/admin-audit-log.interceptor.ts

@@ -6,8 +6,10 @@ import {
   NestInterceptor,
 } from '@nestjs/common';
 import { AuditLogEntityType, db, Prisma } from '@db';
+import { Reflector } from '@nestjs/core';
 import { Observable, tap } from 'rxjs';
 import { MUTATION_METHODS, SENSITIVE_KEYS } from '../audit/audit-log.constants';
+import { SKIP_ADMIN_AUDIT_LOG_KEY } from './skip-admin-audit-log.decorator';
 
 const SEGMENT_TO_RESOURCE: Record<
   string,
@@ -41,7 +43,17 @@ interface ParsedPath {
 export class AdminAuditLogInterceptor implements NestInterceptor {
   private readonly logger = new Logger(AdminAuditLogInterceptor.name);
 
+  constructor(private readonly reflector: Reflector) {}
+
   intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
+    const skip = this.reflector.get<boolean>(
+      SKIP_ADMIN_AUDIT_LOG_KEY,
+      context.getHandler(),
+    );
+    if (skip) {
+      return next.handle();
+    }
+
     const request = context.switchToHttp().getRequest();
     const method: string = request.method;
 

apps/api/src/admin-organizations/admin-organizations.controller.spec.ts

@@ -14,7 +14,28 @@ jest.mock('../auth/auth.server', () => ({
   auth: { api: {} },
 }));
 
-jest.mock('@db', () => ({ db: {} }));
+jest.mock('@db', () => ({
+  db: {},
+  AuditLogEntityType: {
+    organization: 'organization',
+    people: 'people',
+    control: 'control',
+    policy: 'policy',
+    task: 'task',
+    vendor: 'vendor',
+    risk: 'risk',
+    finding: 'finding',
+    framework: 'framework',
+    integration: 'integration',
+    trust: 'trust',
+  },
+  CommentEntityType: {
+    task: 'task',
+    vendor: 'vendor',
+    risk: 'risk',
+    policy: 'policy',
+  },
+}));
 
 describe('AdminOrganizationsController', () => {
   let controller: AdminOrganizationsController;
@@ -28,12 +49,20 @@ describe('AdminOrganizationsController', () => {
     revokeInvitation: jest.fn(),
     getAuditLogs: jest.fn(),
   };
+  const mockPurgeService = {
+    purgeOrganization: jest.fn(),
+  };
 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
       controllers: [AdminOrganizationsController],
       providers: [
         { provide: AdminOrganizationsService, useValue: mockService },
+        {
+          provide: require('./purge-organization.service')
+            .PurgeOrganizationService,
+          useValue: mockPurgeService,
+        },
       ],
     }).compile();
 
@@ -160,6 +189,28 @@ describe('AdminOrganizationsController', () => {
     });
   });
 
+  describe('purge', () => {
+    it('should call purge service with confirm, id, and acting user', async () => {
+      mockPurgeService.purgeOrganization.mockResolvedValue({
+        success: true,
+        organizationId: 'org_1',
+      });
+
+      const result = await controller.purge(
+        'org_1',
+        { userId: 'usr_admin' } as { userId: string },
+        { confirm: 'acme' },
+      );
+
+      expect(mockPurgeService.purgeOrganization).toHaveBeenCalledWith({
+        organizationId: 'org_1',
+        confirm: 'acme',
+        adminUserId: 'usr_admin',
+      });
+      expect(result).toEqual({ success: true, organizationId: 'org_1' });
+    });
+  });
+
   describe('revokeInvitation', () => {
     it('should call service with org id and invitation id', async () => {
       mockService.revokeInvitation.mockResolvedValue({ success: true });

apps/api/src/admin-organizations/admin-organizations.controller.ts

@@ -17,8 +17,11 @@ import { ApiExcludeController, ApiOperation, ApiQuery, ApiTags } from '@nestjs/s
 import { Throttle } from '@nestjs/throttler';
 import { PlatformAdminGuard } from '../auth/platform-admin.guard';
 import { AdminOrganizationsService } from './admin-organizations.service';
+import { PurgeOrganizationService } from './purge-organization.service';
 import { AdminAuditLogInterceptor } from './admin-audit-log.interceptor';
+import { SkipAdminAuditLog } from './skip-admin-audit-log.decorator';
 import { InviteMemberDto } from './dto/invite-member.dto';
+import { PurgeOrganizationDto } from './dto/purge-organization.dto';
 
 @ApiExcludeController()
 @ApiTags('Admin - Organizations')
@@ -27,7 +30,10 @@ import { InviteMemberDto } from './dto/invite-member.dto';
 @UseInterceptors(AdminAuditLogInterceptor)
 @Throttle({ default: { ttl: 60000, limit: 30 } })
 export class AdminOrganizationsController {
-  constructor(private readonly service: AdminOrganizationsService) {}
+  constructor(
+    private readonly service: AdminOrganizationsService,
+    private readonly purgeService: PurgeOrganizationService,
+  ) {}
 
   @Get()
   @ApiOperation({ summary: 'List all organizations (platform admin)' })
@@ -159,6 +165,32 @@ export class AdminOrganizationsController {
     return this.service.listInvitations(id);
   }
 
+  @Delete(':id')
+  @SkipAdminAuditLog()
+  @ApiOperation({
+    summary:
+      'Permanently delete organization and all associated data (platform admin)',
+  })
+  @Throttle({ default: { ttl: 60000, limit: 2 } })
+  @UsePipes(
+    new ValidationPipe({
+      whitelist: true,
+      forbidNonWhitelisted: true,
+      transform: true,
+    }),
+  )
+  async purge(
+    @Param('id') id: string,
+    @Req() req: { userId: string },
+    @Body() body: PurgeOrganizationDto,
+  ) {
+    return this.purgeService.purgeOrganization({
+      organizationId: id,
+      confirm: body.confirm,
+      adminUserId: req.userId,
+    });
+  }
+
   @Delete(':id/invitations/:invId')
   @ApiOperation({ summary: 'Revoke invitation (platform admin)' })
   @Throttle({ default: { ttl: 60000, limit: 10 } })

apps/api/src/admin-organizations/admin-organizations.module.ts

@@ -9,6 +9,9 @@ import { CommentsModule } from '../comments/comments.module';
 import { AttachmentsModule } from '../attachments/attachments.module';
 import { AdminOrganizationsController } from './admin-organizations.controller';
 import { AdminOrganizationsService } from './admin-organizations.service';
+import { PurgeOrganizationService } from './purge-organization.service';
+import { PurgeOrganizationSnapshotService } from './purge-organization-snapshot.service';
+import { PurgeOrganizationExternalService } from './purge-organization-external.service';
 import { AdminFindingsController } from './admin-findings.controller';
 import { AdminPoliciesController } from './admin-policies.controller';
 import { AdminTasksController } from './admin-tasks.controller';
@@ -36,6 +39,11 @@ import { AdminEvidenceController } from './admin-evidence.controller';
     AdminContextController,
     AdminEvidenceController,
   ],
-  providers: [AdminOrganizationsService],
+  providers: [
+    AdminOrganizationsService,
+    PurgeOrganizationService,
+    PurgeOrganizationSnapshotService,
+    PurgeOrganizationExternalService,
+  ],
 })
 export class AdminOrganizationsModule {}

apps/api/src/admin-organizations/dto/purge-organization.dto.ts

@@ -0,0 +1,14 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsNotEmpty, IsString, MinLength } from 'class-validator';
+
+export class PurgeOrganizationDto {
+  @ApiProperty({
+    description:
+      'The target organization slug. Must match exactly to confirm deletion.',
+    example: 'acme-corp',
+  })
+  @IsString()
+  @IsNotEmpty()
+  @MinLength(1)
+  confirm: string;
+}